Hackers are now sending scam QR codes via physical mail — and they can steal your passwords

The postal service is being weaponized by hackers.
By Matt Binder  on 
QR code on a piece of paper with person scanning it on their phone
Hackers are now sending scam QR codes via physical mail — and they can steal your passwords, Credit: Africa Studio / Shutterstock.com

We've warned you about QR code scams before. Now, we're warning you about a new QR code scam – one that may show up in your physical mailbox.

The National Cyber Security Centre (NCSC) in Switzerland has issued a new alert based on a new scheme from hackers and scammers that weaponizes the postal service. The scam involves a physical piece of mail arriving at a target's door, urging them to download an app. 

The app, which can be downloaded via a QR code displayed on the mailer, is actually malware disguised as a legitimate app that can steal data from the user's device.

A new type of QR code scam

The hackers and scammers behind this fraudulent scheme imitate Switzerland's Federal Office of Meteorology and Climatology, right down to the official governmental seals on the mailed document. The mailer urges recipients to scan the QR code in order to download a "Severe Weather Warning App" for Android devices. 

When the QR code is scanned, users aren't taken to the official Google Play store, but instead a third-party site. Once there, they are asked to download an "AlertSwiss" app.

Mashable Light Speed
Want more out-of-this world tech, space and science stories?
Sign up for Mashable's weekly Light Speed newsletter.
By signing up you agree to our Terms of Use and Privacy Policy.
Thanks for signing up!

As first reported on by The Register, there are some obvious discrepancies between the hacker's app and the real one that it copies. There is a genuine government app with the same name, but it's called "Alertswiss," without the capitalized "S." In addition, while the fake app attempts to mimic the app logo, it isn't exactly the same.

The fake app, when downloaded, installs a "variant of the Coper trojan" malware on the target's device. This malware can log the user's activity on the device, stealing passwords, messages, notifications, as well as other sensitive information. In addition, phishing pages can be automatically displayed on the infected device as well.

NCSC told The Register that this was the first time it had ever come across malware being delivered via physical mail in this way. 

Unlike email, there is a cost associated with sending each piece of physical mail, so this attack method must be delivering some level of success to the scammers behind it.

If bad actors aren't already looking at replicating this campaign outside of Switzerland yet, this warning should serve as an important notice to be on the look out for QR code scams being sent to your physical address in the not-so-distant future.

Topics Cybersecurity


Recommended For You
New online scam claims to have proof your spouse is cheating on you
Scam email

Apple fixes dangerous 'GAZEploit' Vision Pro security flaw
Apple Vision Pro

iOS 18.2 Apple Mail gets major redesign: 3 biggest updates
Mail icon displayed on an iPhone screen


Hackers steal nearly 1.7 million credit card numbers in breach
Hacker with stolen credit card

Trending on Mashable
NYT Connections hints today: Clues, answers for December 6, 2024
A phone displaying the New York Times game 'Connections.'

Wordle today: Answer, hints for December 6
a phone displaying Wordle

NYT Mini crossword answers, hints for December 6, 2024
Closeup view of crossword puzzle clues

Tesla suspends Cybertruck production. Who could have predicted this?
Tesla vehicles, including Cybertrucks, loaded on a transport that seems to be going nowhere.

NYT Connections hints today: Clues, answers for December 5, 2024
A phone displaying the New York Times game 'Connections.'
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!